AutoSSL not renewing when it should?

aolbrechts

• July 03, 2018 03:50

Hello, I regularly have issues with AutoSSL that doesn't automatically renews SSL certificates for client web sites before they expire. Each time I have to manually check and force to renew them, which often causes web site downtime as moderne browsers don't display the web site if certificate isn't OK. I there something to change so that I'm sur the certificate automatically renews BEFORE expiration ? Thanks, Antoine

• 

  Agics

  • July 03, 2018 14:32

  I had this issue as well. It solved on my site weirdly enough by going in cpanel, select ssl status and include all subdomains. Often the ipv6 address is excluded by my users as it avoid them to get an e-mail. When autossl ran again the problem was solved.

  0
• 

  cPanelLauren

  • July 03, 2018 18:41

  Hello @aolbrechts As suggested by @Agics you may want to ensure that some domains are not excluded. If that is not the case can you please provide the output of the AutoSSL logs where the domains didn't renew? Thanks!

  0
• 

  cPanelLauren

  • July 04, 2018 12:36

  Hi @aolbrechts I removed the post due to the domain name being visible in a number of places in the response. Before I removed it though I looked at the logs and it doesn't seem that there is an error besides the notification prior to the DCV check that it doesn't have a valid certificate when the check completes. I checked a couple of the domains listed as well and they all show that they have SSL certificates assigned. Thank you

  0
• 

  aolbrechts

  • July 04, 2018 13:11

  Hello, Indeed there was no apparent error, and no the SSL certificates are OK, but that's after I manually ran AutoSSL again. I would rather prefer not running in manually everyday in case there is a certificate to renew, not very practical ;-) Antoine

  0
• 

  cPanelLauren

  • July 05, 2018 12:50

  Hi @aolbrechts Are there logs from when you DID NOT run it automatically or is it just not running? That's ultimately what we'd need to see as I noted in my response. Thanks!

  0
• 

  aolbrechts

  • July 28, 2018 09:52

  Hello @cPanelLauren It's happening again, some certificates not being automatically renewed, although there aren't any issues. One example below, it's been in the queue for 2 days and nothing's going on. It's really a bummer, I have clients that randomly call me because the certificate isn't renewed automatically and their web site becomes unaccessible. Log for the AutoSSL run for "klarisd": Saturday, July 28, 2018 11:48:58 AM GMT+0200 (cPanel (powered by Comodo)) 11:48:58 AM AutoSSL"s configured provider is "cPanel (powered by Comodo)". Checking websites for "klarisd" " 11:48:58 AM Checking "klarisd.-------------" " 11:48:58 AM ERROR TLS Status: Defective ERROR Certificate expiry: 7/26/18, 12:00 AM UTC (2.41 days ago) ERROR Defect: OPENSSL_VERIFY: The certificate chain failed OpenSSL"s verification (0:10:CERT_HAS_EXPIRED). 11:48:59 AM AutoSSL will request a new certificate. 11:48:59 AM The system will attempt to renew the SSL certificate for the website (klarisd.---------------------). The provider "cPanel (powered by Comodo)""s AutoSSL queue already contains a request for a certificate for "klarisd""s website "klarisd---------". The request"s start time is Jul 26, 2018, 7:46:16 AM UTC and its last poll time is Jul 26, 2018, 7:48:01 AM UTC. 11:48:59 AM The system has completed the AutoSSL check for "klarisd".

  0
• 

  cPanelLauren

  • July 30, 2018 13:30

  Hi @aolbrechts Is this originating from a different server as the first request? Could you please send me a private message with the IP address the domain is assigned to? I'd like to take a look at what is occurring on our internal system. Thanks!

  0

Please sign in to leave a comment.